According to a report by market intelligence firm International Data Corporation, companies worldwide are projected to spend $219 billion on cybersecurity in 2023, and by 2026, annual cybersecurity expenditures are projected to rise to $300 billion.
As the importance of cybersecurity grows, so does the importance of cybersecurity ethics. Holding to ethical principles differentiates those who help defend against harm from those who intend to inflict harm (such as hackers and perpetrators of ransomware attacks). Protecting the security and confidentiality of information and systems requires cybersecurity professionals to employ the highest standards of ethical practice.
Because they have extensive access to information and systems that affect the lives of almost everyone, the professionals working in cybersecurity have a responsibility to keep ethics in mind with every action they take.
Individuals who aspire to work in cybersecurity and are considering enrolling in an online master of science in cybersecurity degree program can benefit from exploring how ethics informs the work of cybersecurity professionals.
Tenets of Cybersecurity Ethics
Cybersecurity gives rise to plenty of ethical considerations. The tenets of ethical practice in cybersecurity include:
- Respecting people. Showing respect for the rights of individuals encompasses ethical practices such as:
- Maintaining the privacy and confidentiality of information
- Operating on a basis of trust by, for example, being transparent about how information will be used
- Following ethical data collection procedures, such as obtaining informed consent prior to collecting data
- Ensuring justice. Examples of ethical practices related to ensuring justice include:
- Avoiding bias in cybersecurity by, for example, promoting diversity on cybersecurity teams
- Eliminating discrimination in cybersecurity algorithms
- Removing discriminatory practices in profiling performed for the purposes of cybersecurity
- Respecting the law and the public interest. Ethical practices that demonstrate this respect include practices such as:
- Disclosing vulnerabilities and breaches
- Responding to weaknesses in cybersecurity identified through processes such as audits
- Properly managing conflicts of interest that arise in cybersecurity (for example, properly navigating the tension between the disclosure of vulnerabilities and the damage that disclosure can do to an organization’s reputation)
Ethical Guidelines for Cybersecurity
Several organizations have established ethical guidelines or codes of ethics for cybersecurity. The following examples illustrate the scope of these codes.
CREST Code of Ethics
CREST (the Council for Registered Ethical Security Testers) is a nonprofit organization that provides accreditation to cybersecurity firms that successfully pass its reviews in areas such as data security and cybersecurity testing. CREST also offers certifications to cybersecurity professionals in areas such as penetration testing, incident response, and threat intelligence. CREST has established a cybersecurity code of ethics that covers aspects of cybersecurity such as:
- Prohibition against extortion, bribery, and corruption
CompTIA Professional Code of Ethics
CompTIA (the Computing Technology Industry Association) offers certifications in areas such as cybersecurity and penetration testing (a simulated cyberattack that checks for vulnerabilities). Its professional code of ethics establishes ethical requirements in areas such as:
- Conflicts of interest
- Professional competence
ISACA Code of Professional Ethics
ISACA (formerly the Information Systems Audit and Control Association) provides certifications in areas such as information security management, data privacy, and cybersecurity. The ethical standards in its professional code of ethics cover areas such as:
- Conduct and character
- Due diligence
- Professional care
Integrating Ethics into Cybersecurity
Organizations can integrate ethics into cybersecurity through approaches that emphasize:
- Where the responsibility for ethical cybersecurity rests. Ensuring ethics in cybersecurity is not limited to an information technology department or a cybersecurity team. Every employee of an organization is responsible for following ethical practices to protect information and systems. Creating a culture that emphasizes ethics in cybersecurity helps ensure that all employees operate in an ethical manner.
- Why ethical cybersecurity is important. It’s critical that organizations communicate the reasons underlying their cybersecurity controls and policies. This can inform employees of potential risks and enhance their ability to be vigilant about potential cybersecurity incidents or activity that seems unusual.
- How organizations will integrate ethics into cybersecurity. For example, an organization can:
- Craft a cybersecurity code of ethics tailored to its own unique operations
- Provide all employees with training and education on ethics in cybersecurity
- Regularly conduct risk assessments on an organization-wide basis to identify vulnerabilities
- Maintain complete and accurate records of all information it maintains and how it processes and shares that information
- Inform employees about the organization’s penalties for failure to act in an ethical manner, and impose those penalties when necessary
Role of the Cybersecurity Professional
While all employees of an organization have ethical responsibilities in cybersecurity, it’s particularly important for cybersecurity professionals to uphold ethics. Given their expertise and the wide-ranging access they have to information and systems, it’s critical for professionals working in cybersecurity to ensure the privacy and security of the assets they are charged with protecting.
Ethical Practice Is Key to a Cybersecurity Career
Practicing ethical cybersecurity is essential to maintaining trust and operating in a manner that demonstrates respect and integrity. In addition to their valuable technical skills, cybersecurity professionals benefit from knowledge of ethical practice and how it applies to their work. Individuals who are interested in advancing their expertise in cybersecurity can explore The University of Tulsa’s online Master of Science in Cyber Security degree program to learn how it can help them achieve their professional goals. Equipping students with knowledge of the theories and techniques of cybersecurity, the program sets the stage for a rewarding career protecting valuable information and systems. Begin your educational journey in cybersecurity.